diff options
| author | Joel Knight <joel@cvs.openbsd.org> | 2005-08-11 05:09:31 +0000 |
|---|---|---|
| committer | Joel Knight <joel@cvs.openbsd.org> | 2005-08-11 05:09:31 +0000 |
| commit | e905b550c263d54bb85997afb6286a06d1ec3722 (patch) | |
| tree | 20422c923b64dedb5352423c6b5d9669cd9e2dec /sys/net/pf.c | |
| parent | 421f4ee9d25312f7ce5c7ecafa854b169634f1be (diff) | |
Only decrement the max-src-conn counter for tcp connections that reached
"established" state. Requires recompiling pfctl, etc.
ok dhartmei@
Diffstat (limited to 'sys/net/pf.c')
| -rw-r--r-- | sys/net/pf.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index c708d25af91..178f80269c7 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.498 2005/07/31 05:20:56 pascoe Exp $ */ +/* $OpenBSD: pf.c,v 1.499 2005/08/11 05:09:29 joel Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -634,6 +634,7 @@ pf_src_connlimit(struct pf_state **state) int bad = 0; (*state)->src_node->conn++; + (*state)->src.tcp_est = 1; pf_add_threshold(&(*state)->src_node->conn_rate); if ((*state)->rule.ptr->max_src_conn && @@ -940,8 +941,7 @@ pf_src_tree_remove_state(struct pf_state *s) if (s->src_node != NULL) { if (s->proto == IPPROTO_TCP) { - if (s->src.state == PF_TCPS_PROXY_DST || - s->timeout >= PFTM_TCP_ESTABLISHED) + if (s->src.tcp_est) --s->src_node->conn; } if (--s->src_node->states <= 0) { |